Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 715538 (CVE-2020-11104, CVE-2020-11105) - dev-libs/cereal: Multiple vulnerabilities (CVE-2020-{11104,11105})
Summary: dev-libs/cereal: Multiple vulnerabilities (CVE-2020-{11104,11105})
Status: IN_PROGRESS
Alias: CVE-2020-11104, CVE-2020-11105
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL:
Whiteboard: ~4 [upstream cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-03-30 22:51 UTC by Sam James
Modified: 2020-06-25 13:55 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-03-30 22:51:09 UTC
1) CVE-2020-11104

Description:
"An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an (initialized) C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information (such as memory layout or private keys) can be gleaned if the archive is distributed outside of a trusted context."

Bug: https://github.com/USCiLab/cereal/issues/625

2) CVE-2020-11105

Description:
"An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::shared_ptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::shared_ptr variable goes out of scope and is freed, and a new std::shared_ptr is allocated at the same address. Serialization fidelity thereby becomes dependent upon memory layout. In short, serialized std::shared_ptr variables cannot always be expected to serialize back into their original values. This can have any number of consequences, depending on the context within which this manifests."

Bug: https://github.com/USCiLab/cereal/issues/636
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2020-04-16 14:04:49 UTC
CVE-2020-11105 (https://nvd.nist.gov/vuln/detail/CVE-2020-11105):
  An issue was discovered in USC iLab cereal through 1.3.0. It employs caching
  of std::shared_ptr values, using the raw pointer address as a unique
  identifier. This becomes problematic if an std::shared_ptr variable goes out
  of scope and is freed, and a new std::shared_ptr is allocated at the same
  address. Serialization fidelity thereby becomes dependent upon memory
  layout. In short, serialized std::shared_ptr variables cannot always be
  expected to serialize back into their original values. This can have any
  number of consequences, depending on the context within which this
  manifests.

CVE-2020-11104 (https://nvd.nist.gov/vuln/detail/CVE-2020-11104):
  An issue was discovered in USC iLab cereal through 1.3.0. Serialization of
  an (initialized) C/C++ long double variable into a BinaryArchive or
  PortableBinaryArchive leaks several bytes of stack or heap memory, from
  which sensitive information (such as memory layout or private keys) can be
  gleaned if the archive is distributed outside of a trusted context.
Comment 2 Sam James archtester gentoo-dev Security 2020-06-13 17:02:58 UTC
ping